The Hidden Privacy Paradox: Why Your Privacy Protection Company May Be Selling You Out

TL;DR

When you hire a company to remove your personal information from data brokers, you expect protection. But some privacy protection companies may be quietly sharing your data with marketing affiliates—operating like the data brokers they claim to fight. Before you trust a provider, ask: Who truly controls your personal data?

What’s Happening

The Expectation of Protection

You’re paying for protection expecting to reduce your exposure, prevent identity theft, and shrink your digital footprint. But for millions of Americans, privacy protection may come with a hidden cost.

The Reality of Data Sharing

For users of Norton, LifeLock, Avast, or MoneyLion all under Gen Digital your privacy data may be shared within the company’s corporate group and used for financial marketing. This isn’t a theory. It’s written into their privacy policies.

Why It Matters

What Are Data Brokers?

Data brokers are companies that collect, aggregate, and sell or share personal data from public and private sources. They build detailed digital profiles that include your identity, online activity, financial behavior, and more.

This data can be used to:

• Fuel identity theft

• Target you with predatory marketing

• Facilitate surveillance

When privacy protection companies behave like data brokers, your trust is compromised.

The Gen Digital Acquisition of MoneyLion

On April 17, 2025, Gen Digital (formerly NortonLifeLock) acquired MoneyLion, a fintech company offering:

• Credit-building tools

• Personal finance services

• Access to over 400 financial product providers

This links cybersecurity and identity services (like Norton and LifeLock) with financial marketplaces. Behind the scenes, it creates a powerful system of shared data fuel for targeted marketing.

What the Privacy Policies Say

MoneyLion Privacy Policy

As of January 15, 2025, MoneyLion’s policy allows sharing personal data with related companies for marketing and advertising purposes, including:

• Name, address, Social Security number

• Account balances and spending activity

• Credit scores and credit histories

• Location and geolocation data

• Profile inferences for targeting

It states clearly: “We may use personal information to serve you with advertising for marketplace partner products or services, or the products or services of our corporate parent entities and their wholly-owned subsidiaries and affiliates.”

Gen Digital Privacy Policy

Gen Digital’s Global Privacy Statement (March 2025) confirms data sharing with corporate affiliates. In the past 12 months, they disclosed:

• User data

• Product usage

• Website behavior

• Third-party data

How It Affects You

Your Data Could Fuel Marketing Not Just Protection

Personal data collected through LifeLock, Norton, or Avast could end up informing financial marketing decisions by MoneyLion. You may be:

• Targeted with credit products during identity theft incidents

• Offered loans after malware detection

• Pushed into subprime products following credit score drops

These outcomes are enabled—and permitted—by current privacy policy terms.

The Legal Loophole: GLBA Exemption

What Is GLBA?

The Gramm-Leach-Bliley Act (GLBA) governs financial institutions. If a company is GLBA-regulated, they can claim exemption from certain state privacy laws like California's data broker law.

How They Avoid Accountability

MoneyLion defines itself as a GLBA-regulated financial institution. Its privacy policy states:
“We may be exempt from certain state privacy laws.”

This allows:

• Sharing of personal data without registering as a data broker

• Avoiding transparency laws

• Bypassing opt-out or deletion obligations

This legal structure gives companies like Gen Digital a loophole to act like data brokers—without being treated as such.

The Perfect Storm: All Your Data Under One Roof

What Gen Digital Collects

From Norton & Avast:

• Browsing history and URLs

• Malware incidents

• Device identifiers

• Network traffic and threats

From LifeLock:

• Social Security numbers

• Credit reports

• Bank account data

• Dark web alerts

• Fraud monitoring

From MoneyLion:

• Income data

• Credit applications

• Financial product searches

• Spending patterns

The Risk

When all this data is legally shared among affiliates, it forms a single point of failure. A data breach could expose everything. Even without a breach, this data can be used to target you at your most vulnerable.

Trust Betrayed: When Privacy Companies Act Like Data Brokers

Broken Promises

These brands promote themselves as protectors:

• LifeLock claims to shield you after data exposure

• Norton offers guides to fight data brokers

Yet, behind the scenes, the same data is legally shared within the Gen Digital network for financial marketing. This is a clear violation of consumer trust.

Secondary Use of Data

This is what privacy experts call secondary use data collected for one reason (protection) being reused for another (marketing). Consumers are rarely aware, and the privacy policies don’t highlight it plainly.

Why Most Consumers Don’t Know

Information Asymmetry

Consumers face what experts call information asymmetry:

• Few read 30-page privacy policies

• Terms like “corporate affiliate” or “GLBA exemption” aren’t clear

• Disclosure is technically present, but not understood

As a result, consumers think their data is safe when it may be exposed in new ways.

What Can Be Done

What You Should Demand

1. No Corporate Data Sharing

Ask your provider:

“Do you share my data with corporate affiliates or subsidiaries?”

If they can’t answer clearly or say “yes,” that’s a red flag.

2. No Financial Product Marketing

Avoid privacy services tied to:

• Loan marketplaces

• Credit tools

• Financial referrals

These connections create incentives to monetize your vulnerability.

3. No GLBA-Based Loopholes

Reject providers that use financial-institution status to sidestep state privacy laws. True privacy companies shouldn’t need exemptions to operate ethically.

4. Transparent Business Models

Privacy companies should earn revenue only from you, not from advertisers or financial partners.

5. Independent Verification

Look into ownership. Are they part of a larger marketing, analytics, or financial group? Independence is critical.

Where mePrism Helps

True Independence

At mePrism Privacy, we believe your data should be protected not monetized.

• We are fully independent

• We do not share data with affiliates

• We do not operate loan marketplaces or financial services

• We do not use data for secondary marketing

What We Do

• We use your data only to submit opt-out requests to data brokers

• We do not retain, profile, or resell your data

• We do not exploit regulatory loopholes

• We do not participate in affiliate programs

Our Only Incentive: Your Privacy

Our business only succeeds when your data disappears from data broker databases—not when it gets marketed to.

Final Thought: Choose Real Privacy, Not a Marketing Engine

Ask your privacy protection provider one question:

“Do you have any reason to use my data beyond removing it from data brokers?”

If the answer isn’t a clear “no”, look elsewhere.

At mePrism, there’s no conflict of interest. No hidden affiliate. No financial upsell. Just clean, simple, verified privacy protection.

Explore more from Our Team

Browse more posts written by our team to help you stay in control.